Hijacked Database!

[Ryanmcgrim]

I want to thank anyone reading this first off, for taking the time to review my post.

 

I know almost nothing about PHP and MySQL, but have the feeling I am about to embark on the harshest of crash courses and am looking for advice on the steps I should be taking, and their order, to fix a relatively large problem we are having that is threatening our business.

 

I want to make it clear that I am completely willing to take the steps necessary to learn on my own, I just don't have to time to waste learning the wrong things.

 

My uncle owns a small Fertility and Reproductive thearapies Agency, which specialized in connecting couples who are unable to conceive, with potential egg donors.

 

We have a simple website, that explains what we do, how we do it, etc, but we also have a password protected database which includes egg donor information, such as pictures, education, hair color, health histories etc. Couples who need help conceiving are able to acquire a username and password and view potential donors based on lots of different criteria.

 

The problem we are facing, is that our web designer and host (same people) have become extremely unreliable and are no longer working with us, and they are basically preventing us from having access to our own database. We have redesigned the webpage ourselves,  I took the time to learn HTML and CSS, and a bit of JAVA to do so in the process, but I really am struggling on how to incorporate our database, and more importantly how to get out database back in our own hands.

 

Currently anytime we need to add a new DONOR into the database, we go to an administrator page on our website, and there are links to different PHP pages that will do that. For example if we want to enter a new person into the database we click ADD NEW PERSON.PHP fill in the fields, and the databas will be updated. THere are many different PHP links which all do a different simple task. Yet we have no access to the actual DATABASE, and the web hosters / designers are basically holding it hostage so that we have to continue to use their services.

 

My question is 1) Can I download the database myself somehow, and

2) If I can't and this data is lost, or will require a court order to attain, what is the most appropriate way to start a new Database that we can both keep physically on our office network, and update to a new web host. Are 3rd party Data mangement sites the way to go, or can a standard (Honest) server company do this easily?

 

Also due to the state of the economy, our business is not doing very well financially, we have paid this loser WebDesign and hosting company close to $10,000 already for the most basic of pages and we have been told one of the simplest databases and can't afford any more. So if I have to learn PHP and MYSQL myself I will, I just need to know where to start. We are overwhelmed and disheartend, any advice would be great, thank you so very much,

 

Ryan 

[Mchl]

How large is your database?

Dumping all data is just a matter of doing

SHOW TABLES

to list all tables

Then for each position in the result you can do

SHOW CREATE TABLE tablename

to get its structure and

SELECT * FROM tablename

to dump all data.

 

If you have access to a tool lkie phpmyadmin, you can also use its export feature.

 

 

[Ryanmcgrim]

MCHL,

 

Thank's so much for your fast reply. I take it that each of those are commands to use while having access to the actual database, I imagine my ignorance is shining through at the moment, but currently the only interaction we have with the database is through premade PHP scripts which compile the data and publish them for us to use. I have never actually seen the database itself.

 

For example:

 

If I go to www.ourwebsite/com/ADMINISTRATOR

 

There will be 10 text links, which all link to a PHP script which does a new task, such as

 

ADD New Donor

 

List All Donors

 

View Username List

 

View all Active Donors

 

Etc.

 

 

 

But i have never actually seen the database that each of these PHP scripts refer to. If i find a PHP editor, will the address of the actual database location be revealed, and therefore I could find the database to run the commands you suggested?

 

 

Thanks,

 

Ryan

[Mchl]

You can run these queries from within PHP.

[Ryanmcgrim]

Really? Great to know, so if I save one of the PHP files such as "addnewdonor.php" and open up with an editor, i can then run the export command you listed below, or am I missing something?

 

 

[roopurt18]

IMO you should arrange with your hosting company to create a database / code backup that will be stored daily / weekly at your local office.  This will protect you should anything happen to your current hosting company.

 

For example, if your current hosting company tanks, disappears, or whatever, *if* you have the code and a backup of the database you can contract an individual (or company) to get it up and running again on another hosting service.  You might experience a few days of down time and pay more than you'd like to for it, but you *would* be up and running again and this is only the worst case scenario.

 

In addition, if you had the code and a backup stored locally, you could then copy that into your own test and development environment to start modifying and managing the software on your own.  Once comfortable you could finally move your modifications into production with either your current hosting or a new hosting service if you had to.

[Ryanmcgrim]

Thanks for your help, So am I correct in assuming that the only way for us to actually get a copy of our own database would be to actually have our current hosting company / web designers grant it to us. We are unable to make any changes to our own website. We have no FTP access or anything of the sort. Even if we wanted to change a typo on the website, we have to set up a meeting with them (which they charge $500 to do each time). We are litterally being held hostage,  I was hoping that there would be some way to gain access to the actual database, not just the PHP scripts which all have a defined task, small in scope. I tried importing a random php page into PHPEditor, to see if I could access the complete database but so far no luck. As far as I can tell, the advice given from the previous poster assumes a level of access that we currently do not have. Is a court order the only option?

 

[damdempsel]

In your situation, I would say that a court order would be a good idea. If you pay for that website and its features, that database is yours and they can't keep it from you. If they do keep it from you it can be considered a type of theft. If you aren't able to talk with them via phone or E-mail for free then go ahead and bring it to court. I would just recommend trying one more time to ask for the database information.

[roopurt18]

Your hosting company is behaving as a consultant.  You make requests, they implement them, you pay them.  If you want to make a fart and it involves them, then it will cost you money.

 

If you've paid the hosting to develop and host this website for you, then you need to look towards the terms and conditions agreed upon when the work was started.  If the hosting company made claims that all code developed was owned by them and that the database was also owned by them and you were just being granted a license to use, then I'm not really sure what you can do.  Their obligation to abide by your will really depends on who rightfully owns the virtual property.

 

I think $500 to change a typo is a bit outrageous.  I myself work for a company that offers hosting (although not web hosting) as a service.  The software we host is archaic, difficult, and can be problematic.  It really is in our clients' best interest to let us host and manage their data.  In return, we do our best to provide our clients with the data and flexibility they need.  When picking up a new client, we unfortunately run into other individuals who have had the same experience you are having now where someone held their data hostage.

 

It really serves no purpose as:

1) It will just drive you (the client) away from this hosting company

2) It makes it more difficult for hosting companies that actually care (i.e. the one I work for) to sell hosting services

 

I can make you a promise though.  If you start hosting that software yourself you're bound to run into headaches and troubles that will cost more than $500 to fix.  And that is how your hosting company justifies their fee.  Once you start maintaining this software yourself, you'll realize how big of a pain in the ass it is and you'll want to find someone to do it for you again.

 

The business mentality is a pendulum swinging between two extremes.  It never stops in the middle.

[Ryanmcgrim]

Thank you very much for your honesty, fast response, and expertise in this situation. Just one last question:

 

I understand the situation a bit more after speaking with you but still would like some additional advice as to where I should go from here.

 

I understand completely your point about self hosting, and can imagine that there is a level of difficulty beyond my understanding, and I know enough to realize that problems do come up, and can be costly. So for the sake of argument, lets assume we can get the database from them. Which is really nothing more than Name, DOB, Address, Education, Height , and several other basic fields, which we want potential donors to be able to submit for themselves through a simple form, and one which potential  couples are able to access based on their box selected qualifications (height, education, hair color etc). Where do we go from here?

 

We already have the new website designed and tested, but are not really sure what to look for in a hosting company. Can most hosting companies provide this service? I can't imagine that this type of database is considered complex. I know that there is a great deal of coding involved, but in actuality it seems to be a very basic database. Would you agree. what is the best, and most cost effective way to get this site up and running, considering the database side is really all that we need help in developing. Is this something I should try to develop myself and then give to a third party to host, or am I way out of my league. What can I expect this to be cost wise? Is the best option to use MySQL and PHP together as it has been done or is there a better way?

 

Thank again,

 

Ryan

 

[Ryanmcgrim]

And thanks to everyone for their Input!

[roopurt18]

Your site has three basic components you need to worry about when migrating to another host:

 

1) The web server.  Is it Apache, IIS, or another breed?  It usually doesn't matter, but as an example my web apps are always driven by Apache and I always use mod_rewrite.  I don't know if IIS has an equivalent but if it doesn't, it will be slightly more difficult to make my applications work in IIS.

 

2) PHP.  Which version of PHP is the current site developed in?  Which PHP language extensions does it use?  Hosting it somewhere else will usually require they be on at least the same version of PHP and have the same extensions enabled, or at least the extensions your application relies upon.

 

3) The database.  I assume it's MySQL, but whatever it is your new host needs to provide a database version that will work with your existing database.

 

Then you have storage, bandwidth, e-mail, FTP, and other considerations to make.  If your site is small you're probably Ok in this regard, but it's still a good idea to make sure your new hosting account has enough disk space, provides enough bandwidth, and stuff like that.

[Ryanmcgrim]

Thanks everyone again, as it turns out, we ended up having to threaten legal action, and suddenly our database became available again. Anyway, I am starting a redesign (as a complete novice) and have been spending ridiculous amounts of time learning everything that I can. I'm sure you will be seeing more of me. Hopefully one day, i will be able to answer a few questions rather than  just a ask them all the time.

[roopurt18]

There are many online articles and tutorials for learning PHP and associated technologies.

 

However I highly recommend most books by O'Reilly.

 

I also recommend O'Reilly's Head First Design Patterns.  This book would be the equivalent of being thrown into a pool of object oriented sharks.  The examples are also in Java.  So why would I recommend this to a complete novice?  Because Java and PHP share a very similar syntax and the book will show you many, many design concepts that any developer should know.  On top of that, O'Reilly's Head First series are like children's books; they have lots of silly pictures and examples.  Basically they're easy to read.

 

Best of luck to you

[gizmola]

Thanks everyone again, as it turns out, we ended up having to threaten legal action, and suddenly our database became available again. Anyway, I am starting a redesign (as a complete novice) and have been spending ridiculous amounts of time learning everything that I can. I'm sure you will be seeing more of me. Hopefully one day, i will be able to answer a few questions rather than  just a ask them all the time.

 

Don't get me wrong, if you have a sincere desire to learn web development, you're certainly welcome to come here with your questions.

 

On the other hand, here's my outsider's point of view in regards to this thread:

 

me-  computer science education, long career in software engineering, worked for world famous movie studio and game companies, involved in the development of easily 90 websites to date.

 

...  web development continues to be a challenge for me, even though I've been doing some form of it for a decade.

 

you- a business person with no programming education or background, under duress

 

Here's a short list of what you need to understand:

 

-Computer basics (bits + bytes)

-The PHP Programming language

-Javascript Programming language

-Relational database design and SQL

-HTML

-CSS

-Internet protocols and HTTP

-Unix system administration + bash scripting

-The Apache webserver

-Web design + photoshop

-Software engineering practices like source code management

--- and the list goes on and on.

 

Any one of these topics can involve intense study and practice for months to years.  In the web development world it's fairly standard to have teams of people work on a website, because there's so much to it, and there are very few people who are masters of every discipline.  Often you have on a basic team, a sysadmin, web developer, dba and web designer. 

 

From time to time people come here with stories similar to yours and stating similar objectives, and I actually can't provide you a single example after 8 years at phpfreaks, of someone who started out where you are, and successfully became a web developer.  It's just very very unlikely, because the reality is that this discipline is like quicksand and you can very quickly get over your head. 

 

It seems simple at times in abstraction, especially when people are able to get a quick script put together, but that by no means indicates that it's just as easy to platform to the level of development you'd need for your business.  Frankly, we only have your side of the story.  In no way shape or form, do I condone a company attempting to hold hostage assets you bought and paid for, but at the same time, we're not in a position to judge whether or not 10k is a lot of money for what you received. 

 

My advice to you is to find yourself a developer that you can work with for an hourly rate, and one that you can build a relationship with.  Have this person interact with the development/hosting company on your behalf and help you extricate yourself from this mess as economically as possible.  The approach you're taking isn't going to help you in the short term, and just is highly unlikely to pay off for you in the long term, unless your ultimate goal is to invest several years of time to get the point that you're at a basic level of competence, and I don't see how that will help with your current crisis.